Table of Contents
Advertisement
Option
Perfect Forward Secrecy (PFS)
Authentication Method
Pre-Shared Key
Description
-
ESP is a protocol for carrying out encrypted communication
using IPsec. ESP encrypts the payload (communicated
contents) and adds additional information. The IP packet is
comprised of the header and the encrypted payload, which
follows the header. In addition to the encrypted data, the IP
packet also includes information regarding the encryption
method and encryption key, the authentication data, and so
on.
-
AH is part of the IPsec protocol that authenticates the
sender and prevents manipulation (ensures the
completeness) of the data. In the IP packet, the data is
inserted immediately after the header. In addition, the
packets include hash values, which are calculated using an
equation from the communicated contents, secret key, and
so on, in order to prevent the falsification of the sender and
manipulation of the data. Unlike ESP, the communicated
contents are not encrypted, and the data is sent and
received as plain text.
•
Encryption
Select DES, 3DES, AES-CBC 128, or AES-CBC 256.
•
Hash
Select None, MD5, SHA1, SHA256, SHA384 or SHA512.
•
SA Lifetime
Specify the IKE SA lifetime.
Type the time (seconds) and number of kilobytes (KByte).
•
Encapsulation Mode
Select Transport or Tunnel.
•
Remote Router IP-Address
Type the IP address (IPv4 or IPv6) of the remote router. Enter this
information only when the Tunnel mode is selected.
SA (Security Association) is an encrypted communication
method using IPsec or IPv6 that exchanges and shares
information, such as the encryption method and encryption key,
in order to establish a secure communication channel before
communication begins. SA may also refer to a virtual encrypted
communication channel that has been established. The SA
used for IPsec establishes the encryption method, exchanges
the keys, and carries out mutual authentication according to the
IKE (Internet Key Exchange) standard procedure. In addition,
the SA is updated periodically.
PFS does not derive keys from previous keys that were used to encrypt
messages. In addition, if a key that is used to encrypt a message was
derived from a parent key, that parent key is not used to derive other
keys. Therefore, even if a key is compromised, the damage will be
limited only to the messages that were encrypted using that key.
Select Enabled or Disabled.
Select the authentication method. Select Pre-Shared Key or
Certificates.
When encrypting communication, the encryption key is exchanged and
shared beforehand using another channel.
If you selected Pre-Shared Key for the Authentication Method, type
the Pre-Shared Key (up to 32 characters).
•
Local/ID Type/ID
Select the sender's ID type, and then type the ID.
444
Advertisement
Table of Contents
